1. DNS/Domain Names/Hijacking

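This is also called "domain name hijacking", but that is inappropriate as a term.

The word denotes the state (the result) of having been taken over. DNS/Hijacking

Understand how DNS works.

Investigate the ways a takeover can be carried out, including the method of "poisoning the cache server".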

-- ToshinoriMaeno 2017-09-08 01:01:31


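/Subdomain Hijacking and similar risks: DNS/Threats/Shared Zone Services

NS records that point to nonexistent domains (visa.co.jp, the Fire and Disaster Management Agency, and so on)

Notice concerning domain name hijacking https://jprs.jp/registration/domain-hijacking/

I recognized that I had not pushed back hard enough at this time. https://twitter.com/qmailjp/status/202698544359026688?s=20

Cases that lure users by means of DNS/Similar Domain Names will not be included here.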

-- ToshinoriMaeno 2017-11-26 02:01:54

Tampering with DNS settings

1.1. 2019

(Urgent) On the publication of the U.S. Department of Homeland Security emergency directive concerning tampering with DNS settings

https://jprs.jp/tech/security/2019-01-28-cisa-emergency-directive.html

(Urgent) Domain name hijacking through unauthorized rewriting of registration information, and countermeasures (updated May 26, 2015)

https://jprs.jp/tech/security/2014-11-05-unauthorized-update-of-registration-information.html

https://jprs.jp/tech/security/2014-11-05-unauthorized-update-of-registration-information.pdf (slides)

/Countermeasures

DNS Abuse and What DNS Operators Should Do, November 29, 2018, Internet Week 2018 lunch seminar https://jprs.jp/tech/material/iw2018-lunch-L3-01.pdf

/JPRS2018


18 Feb 19 A Deep Dive on the Recent Widespread DNS Hijacking Attacks https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/

https://www.ch.com/2019/01/global-dns-hijacking-campaign

1.2. tampering

Why CISA issued our first Emergency Directive

By Christopher Krebs, Director January 24, 2019 https://cyber.dhs.gov/blog/#why-cisa-issued-our-first-emergency-directive

Emergency Directive 19-01

January 22, 2019 Mitigate DNS Infrastructure Tampering https://cyber.dhs.gov/ed/19-01/

https://cyber.dhs.gov/assets/report/ed-19-01.pdf

Required Actions:

Action One: Audit DNS Records • Within 10 business days, for all .gov or other agency-managed domains, audit public DNS records on all authoritative and secondary DNS servers to verify they resolve to the intended location. If any do not, report them to CISA.

CISA recommends agencies prioritize NS records and those associated with key agency services offered to organizational users and the public (for example, websites that are central to the agency's mission, MX records, or other services with high utilization).

Action Two: Change DNS Account Passwords • Within 10 business days, update the passwords for all accounts on systems that can make changes to your agency's DNS records.

Action Three: Add Multi-Factor Authentication to DNS Accounts • Within 10 business days, implement multi-factor authentication (MFA) for all accounts on systems that can make changes to your agency's DNS records. If MFA cannot be enabled, provide CISA with the names of systems, why it cannot be enabled within the required timeline, and when it could be enabled.

CISA recommends using additional factors that are resilient to phishing. Consistent with NIST SP 800-63B, Short Message Service (SMS)-based MFA is not recommended.
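
As an added illustration of Action One (not part of the directive or of the original notes on this page), the following Python example compares the answers collected from each authoritative and secondary server against the intended records and lists deviations with NS and MX first. It assumes the answers are available as `name ttl class type rdata` lines, the form `dig +noall +answer` prints; the example.gov names, server labels and addresses are constructed sample data.

```python
from collections import defaultdict

PRIORITY = {"NS": 0, "MX": 1}        # reviewed first, as the directive recommends
NAME_RDATA = {"NS", "MX", "CNAME"}   # rdata holds a host name: compare case-insensitively

def parse_answers(text):
    """Parse 'name ttl class type rdata' lines into {(name, type): {rdata, ...}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        rtype, rdata = rtype.upper(), " ".join(rdata.split())
        if rtype in NAME_RDATA:
            rdata = rdata.lower()
        records[(name.lower().rstrip(".") + ".", rtype)].add(rdata)
    return records

def audit(baseline_text, observed_by_server):
    """Return (server, name, type, unexpected, missing) findings, NS and MX first."""
    baseline = parse_answers(baseline_text)
    findings = []
    for server, text in observed_by_server.items():
        seen = parse_answers(text)
        for key in baseline.keys() | seen.keys():
            unexpected = seen.get(key, set()) - baseline.get(key, set())
            missing = baseline.get(key, set()) - seen.get(key, set())
            if unexpected or missing:
                findings.append((server, key[0], key[1], sorted(unexpected), sorted(missing)))
    return sorted(findings, key=lambda f: (PRIORITY.get(f[2], 2), f[1], f[0]))

# Constructed sample data (documentation names and addresses, not real records).
BASELINE = """\
example.gov.     3600 IN NS ns1.example.gov.
example.gov.     3600 IN NS ns2.example.gov.
example.gov.     3600 IN MX 10 mail.example.gov.
www.example.gov. 300  IN A  192.0.2.10
"""
OBSERVED = {
    "ns1.example.gov.": BASELINE,  # this server matches the intended records
    "ns2.example.gov.": """\
example.gov.     3600 IN NS ns1.example.gov.
example.gov.     3600 IN NS ns.example.net.
EXAMPLE.GOV.     3600 IN MX 10 MAIL.example.gov.
www.example.gov. 300  IN A  198.51.100.77
""",
}

if __name__ == "__main__":
    for server, name, rtype, unexpected, missing in audit(BASELINE, OBSERVED):
        print(f"{server}: {name} {rtype} unexpected={unexpected} missing={missing}")
```

Querying every listed server separately matters because a change made on one secondary does not show up when only the primary, or a recursive resolver, is checked.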